All articles

August 01, 2012 06:06 Red Hat: Updated libwpd packages fix one security issue

0

libwpd is a library for reading and converting Corel WordPerfect Office documents. A buffer overflow flaw was found in the way libwpd processed certain Corel WordPerfect Office documents (.wpd files). An attacker could provide a specially-crafted .wpd file that, when opened in an application linked against libwpd, such as OpenOffice.org, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Updated packages are available from ftp.redhat.com.

August 01, 2012 06:04 SuSE: New Linux kernel packages fix security vulnerabilities

0

The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues. Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalate privileges. A memory leak in transparent hugepages on mmap failure could be used by local attacker to run the machine out of memory (local denial of service). A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host.

Malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests.

Updated packages are available from download.opensuse.org.

August 01, 2012 06:01 Red Hat: Updated postgresql84 and postgresql packages fix...

0

PostgreSQL is an advanced object-relational database management system (DBMS). A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources.

A denial of service flaw was found in the way the PostgreSQL server performed a user privileges check when applying SECURITY DEFINER or SET attributes to a procedural language’s (such as PL/Perl or PL/Python) call handler function. A non-superuser database owner could use this flaw to cause the PostgreSQL server to crash due to infinite recursion.

Updated packages are available from ftp.redhat.com.

August 01, 2012 06:00 Red Hat: Updated postgresql packages fix one security issue

0

PostgreSQL is an advanced object-relational database management system (DBMS). A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources.

Updated packages are available from ftp.redhat.com.

August 01, 2012 05:59 Debian: Security update for python-crypto

0

It was discovered that that the ElGamal code in PythonCrypto, a collection of cryptographic algorithms and protocols for Python used insecure insufficient prime numbers in key generation, which lead to a weakened signature or public key space, allowing easier brute force attacks on such keys. Updated packages are available from security.debian.org.

August 01, 2012 05:58 Debian: Security update for dhcpcd

0

It was discovered that dhcpcd, a DHCP client, was vulnerable to a stack overflow. A malformed DHCP message could crash the client, causing a denial of service, and potentially remote code execution through properly designed malicous DHCP packets. Updated packages are available from security.debian.org.

August 01, 2012 05:50 Debian: Security update for Xen

0

Several vulnerabilities were discovered in Xen, a hypervisor. Xen does not properly handle uncanonical return addresses on Intel amd64 CPUs, allowing amd64 PV guests to elevate to hypervisor privileges. Xen does not properly handle SYSCALL and SYSENTER instructions in PV guests, allowing unprivileged users inside a guest system to crash the guest system.

Updated packages are available from security.debian.org.

July 27, 2012 05:01 Debian: Security update for Mantis

0

Several vulnerabilities were discovered in Mantis, am issue tracking system. Mantis installation in which the private_bug_view_threshold configuration option has been set to an array value do not properly enforce bug viewing restrictions. Copy/clone bug report actions fail to leave an audit trail. The delete_bug_threshold/bugnote_allow_user_edit_delete access check can be bypassed by users who have write access to the SOAP API.

Mantis performed access checks incorrectly when moving bugs between projects. A SOAP client sending a null password field can authenticate as the Mantis administrator. Mantis does not check the delete_attachments_threshold permission when a user attempts to delete an attachment from an issue.

Updated packages are available from security.debian.org.

July 27, 2012 04:59 Debian: Security update for Icedove

0

Several vulnerabilities have been discovered in icedove, the Debian version of the Mozilla Thunderbird mail/news client. There were miscellaneous memory safety hazards and a use-after-free issues. Updated packages are available from security.debian.org.

July 27, 2012 04:58 SuSE: New Pidgin packages fix security vulnerabilities

0

Various remote triggerable crashes in pidgin have been fixed. In some situations the MSN server sends text that isn’t UTF-8 encoded, and Pidgin fails to verify the text’s encoding. In some cases this can lead to a crash when attempting to display the text (). Incoming messages with certain characters or character encodings can cause clients to crash. A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests.

Updated packages are available from download.opensuse.org.

July 27, 2012 04:57 Debian: Security update for Quagga

0

It was discovered that Quagga, a routing daemon, contains a vulnerability in processing the ORF capability in BGP OPEN messages. A malformed OPEN message from a previously configured BGP peer could cause bgpd to crash, causing a denial of service. Updated packages are available from security.debian.org.

July 27, 2012 04:55 Red Hat: Updated java-1.7.0-openjdk packages fix several ...

0

These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the CORBA (Common Object Request Broker Architecture) implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.

Multiple flaws were discovered in the font manager’s layout lookup implementation. A specially-crafted font file could cause the Java Virtual Machine to crash or, possibly, execute arbitrary code with the privileges of the user running the virtual machine. Multiple flaws were found in the way the Java HotSpot Virtual Machine verified the bytecode of the class file to be executed. A specially-crafted Java application or applet could use these flaws to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that java.lang.invoke.MethodHandles.Lookup did not properly honor access modes. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.

It was discovered that the Java XML parser did not properly handle certain XML documents. An attacker able to make a Java application parse a specially-crafted XML file could use this flaw to make the XML parser enter an infinite loop. It was discovered that the Java security classes did not properly handle Certificate Revocation Lists (CRL). CRL containing entries with duplicate certificate serial numbers could have been ignored. It was discovered that various classes of the Java Runtime library could create temporary files with insecure permissions. A local attacker could use this flaw to gain access to the content of such temporary files.

Updated packages are available from ftp.redhat.com.

July 25, 2012 09:10 Red Hat: Updated 389-ds-base packages fix two security is...

0

The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their password, and the directory server has not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user’s password via the “unhashed#user#password” attribute.

It was found that when the password for an LDAP user was changed, and audit logging was enabled (it is disabled by default), the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, “nsslapd-auditlog-logging-hide-unhashed-pw”, which when set to “on” (the default option), prevents 389 Directory Server from writing plain text passwords to the audit log. This option can be configured in “/etc/dirsrv/slapd-ID/dse.ldif”.

Updated packages are available from ftp.redhat.com.

July 25, 2012 09:08 Red Hat: Updated nss, nss-util, and nspr packages fix one...

0

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority (CA) issued a subordinate CA certificate to its customer, that could be used to issue certificates for any name. The nspr package has been upgraded to upstream version 4.9, which provides a number of bug fixes and enhancements over the previous version. The nss-util package has been upgraded to upstream version 3.13.3, which provides a number of bug fixes and enhancements over the previous version.

The nss package has been upgraded to upstream version 3.13.3, which provides numerous bug fixes and enhancements over the previous version. In particular, SSL 2.0 is now disabled by default, support for SHA-224 has been added, PORT_ErrorToString and PORT_ErrorToName now return the error message and symbolic name of an NSS error code, and NSS_GetVersion now returns the NSS version string.

Updated packages are available from ftp.redhat.com.

July 25, 2012 09:08 Red Hat: Updated sblim-cim-client2 packages fix one secur...

0

The SBLIM (Standards-Based Linux Instrumentation for Manageability) CIM (Common Information Model) Client is a class library for Java applications that provides access to CIM servers using the CIM Operations over HTTP protocol defined by the DMTF (Distributed Management Task Force) standards. It was found that the Java HashMap implementation was susceptible to predictable hash collisions. SBLIM uses HashMap when parsing XML inputs. A specially-crafted CIM-XML message from a WBEM (Web-Based Enterprise Management) server could cause a SBLIM client to use an excessive amount of CPU. Randomization has been added to help avoid collisions.

Updated packages are available from ftp.redhat.com.

July 25, 2012 09:06 Red Hat: Updated xorg-x11-server packages fix two securit...

0

X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information.

Updated packages are available from ftp.redhat.com.

July 25, 2012 08:51 Red Hat: Updated kernel packages fix two security issues

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel’s Event Poll (epoll) subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client.

Updated packages are available from ftp.redhat.com.

July 23, 2012 03:34 Red Hat: An updated cifs-utils package fixes one security...

0

The cifs-utils package contains tools for mounting and managing shares on Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard Linux file systems. A file existence disclosure flaw was found in mount.cifs. If the tool was installed with the setuid bit set, a local attacker could use this flaw to determine the existence of files or directories in directories not accessible to the attacker.

Updated packages are available from ftp.redhat.com.

July 23, 2012 03:31 Red Hat: Updated abrt, libreport, btparser, and python-me...

0

ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. The btparser utility is a backtrace parser and analyzer library, which works with backtraces produced by the GNU Project Debugger. The python-meh package provides a python library for handling exceptions.

If the C handler plug-in in ABRT was enabled, and the sysctl fs.suid_dumpable option was set to “2”, core dumps of set user ID (setuid) programs were created with insecure group ID permissions. This could allow local, unprivileged users to obtain sensitive information from the core dump files of setuid processes they would otherwise not be able to access.

ABRT did not allow users to easily search the collected crash information for sensitive data prior to submitting it. This could lead to users unintentionally exposing sensitive information via the submitted crash reports. This update adds functionality to search across all the collected data.

Updated packages are available from ftp.redhat.com.

July 23, 2012 03:30 Red Hat: Updated openssh packages fix one security issue

0

OpenSSH is OpenBSD’s Secure Shell (SSH) protocol implementation. These packages include the core files necessary for the OpenSSH client and server. A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon (sshd) use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by default.

Updated packages are available from ftp.redhat.com.

July 23, 2012 03:29 Red Hat: Updated net-snmp packages fix one security issue

0

The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP). An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base (MIB) subtree handled by the “extend” directive could use this flaw to crash snmpd via a crafted SNMP GET request.

Updated packages are available from ftp.redhat.com.

July 23, 2012 03:27 Red Hat: Updated mysql packages fix one security issue

0

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. A flaw was found in the way MySQL processed HANDLER READ NEXT statements after deleting a record. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash.

Updated packages are available from ftp.redhat.com.

July 20, 2012 13:36 Red Hat: Updated 389-ds-base packages fix one security issue

0

The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. A flaw was found in the way the 389 Directory Server daemon (ns-slapd) handled access control instructions (ACIs) using certificate groups. If an LDAP user that had a certificate group defined attempted to bind to the directory server, it would cause ns-slapd to enter an infinite loop and consume an excessive amount of CPU time.

Updated packages are available from ftp.redhat.com.

July 20, 2012 13:35 Red Hat: Updated busybox packages fix two security issues

0

BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox.

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option’s value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process.

Updated packages are available from ftp.redhat.com.

July 20, 2012 13:34 Red Hat: Updated php-pecl-apc packages fix one security i...

0

The php-pecl-apc packages contain APC (Alternative PHP Cache), the framework for caching and optimization of intermediate PHP code. A cross-site scripting (XSS) flaw was found in the “apc.php” script, which provides a detailed analysis of the internal workings of APC and is shipped as part of the APC extension documentation. A remote attacker could possibly use this flaw to conduct a cross-site scripting attack.

Updated packages are available from ftp.redhat.com.

July 20, 2012 13:33 Red Hat: Updated rsyslog packages fix one security issue

0

The rsyslog packages provide an enhanced, multi-threaded syslog daemon. A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, possibly, execute arbitrary code with the privileges of rsyslogd, if they are able to cause a long line to be written to a log file that rsyslogd monitors with imfile. The imfile module is not enabled by default.

Updated packages are available from ftp.redhat.com.

July 20, 2012 13:32 Red Hat: Updated openldap packages fix one security issue

0

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially-crafted LDAP search query that, when processed by slapd, would cause slapd to crash due to an assertion failure.

Updated packages are available from ftp.redhat.com.

July 18, 2012 05:22 Red Hat: Updated openldap packages fix one security issue

0

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially-crafted LDAP search query that, when processed by slapd, would cause slapd to crash due to an assertion failure.

Updated packages are available from ftp.redhat.com.

July 18, 2012 05:20 Red Hat: Updated libvirt packages fix one security issue

0

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Bus and device IDs were ignored when attempting to attach multiple USB devices with identical vendor or product IDs to a guest. This could result in the wrong device being attached to a guest, giving that guest root access to the device.

Updated packages are available from ftp.redhat.com.

July 18, 2012 05:19 Red Hat: Updated qt packages fix two security issues

0

Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A flaw was found in the way Qt handled X.509 certificates with IP address wildcards. An attacker able to obtain a certificate with a Common Name containing an IP wildcard could possibly use this flaw to impersonate an SSL server to client applications that are using Qt. This update also introduces more strict handling for hostname wildcard certificates by disallowing the wildcard character to match more than one hostname component.

Updated packages are available from ftp.redhat.com.

Screenshot

Project Spotlight

Jolokia

A JMX remoting alternative to JSR-160 connectors.

Screenshot

Project Spotlight

MSS Code Factory

A rule-based expert system for manufacturing source code.